EXAMINER'S ANSWER



This is in response to the appeal brief filed 15 September 2006 appealing from the Office action 
mailed 07 October 2005. 
(1) Real Party in Interest

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial proceedings 
which will directly affect or be directly affected by or have a bearing on the Board's decision in 
the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 
No amendment after final has been filed. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is correct. 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 

6,438,549 ALDRED et al. 08-2002 

6,708,170 BYRNE et al. 03-2004 

6,446,204 PANG et al. 09-2003 
(9) Grounds of Rejection

The following ground(s) of rejection are applicable to the appealed claims: 
Claims 9-12, 14-18, 20-23, and 25 are rejected under 35 U.S.C. 103(a) as being
unpatentable over U.S. Patent 6,438,549 to Aldred et al., hereinafter Aldred, in view of U.S.
Patent 6,708,170 to Byrne et al., hereinafter Byrne.

As per claims 9, 16, and 21, Aldred discloses a method for authenticating users to
individual network devices that are distributed among a plurality of locations, comprising the
following steps:

storing a directory structure at one of said locations, said directory structure comprising a 
root node, a first level of nodes below said root node that are associated with respective 
organizations to which said network devices are assigned, and at least one further level of nodes 
below said first level that identify users who are authorized to access the network devices 
assigned to the organization associated with a parent first-level node and authentication 
information for said users (Figures 1 [block 21], 2, 7, column 3, line 64 to column 4, line 20, 
column 6, lines 51-60); 

in response to a request by a user for access to one of said network devices, determining 
which organization to which said one device is assigned and whether said user is identified on a 
node below the first-level node associated with the determined organization (column 1, line 66 to 
column 2, line 21, column 4, line 65 to column 5, line 16, column 7, line 65 to column 8, line 4); 
and 

authenticating said user to said device if the user is so identified (column 7, line 65 to 
column 8, line 4). 
Aldred does not teach replicating said directory structure among said plurality of
locations. 

Byrne discloses replicating said directory structure among said plurality of locations 
(column 2, lines 32-37). 

Both Aldred and Byrne are related in controlling access to various resources using
access control lists with the Lightweight Directory Access Protocol.

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to replicate the directory structure among a plurality of locations, since Byrne 
discloses at column 2, lines 32-37 that such a modification allows each machine to define the 
group and entry information for each domain. 

Regarding claims 10, 17, and 22, Aldred teaches wherein said directory structure further 
includes nodes below said first level that identify resources of an associated organization to 
which authenticated users are allowed access (column 4, line 65 to column 5, line 16). 

Regarding claim 11, Byrne teaches wherein said determining step is performed with 
reference to a replicated copy of said directory structure at the location containing said one 
device (column 2, lines 32-37, i.e. authentication based on replication). 

Regarding claim 12, Byrne discloses wherein said network devices comprise servers, and 
said locations are data centers (column 2, lines 23-43, i.e. distributed computing environment, 
multiple servers). 



Application/Control Number: 09/841,008
Art Unit: 2131



Regarding claims 14, 18, and 23, Aldred teaches wherein the same user identification and 
authentication information is contained at a plurality of said further level nodes that are 
respectively associated with different ones of said first-level nodes (column 4, line 65 to column 
5, line 16). 

Regarding claim 15, Aldred and Byrne do not teach wherein said replicating step is 
carried out automatically without user input. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to carry out the replicating step automatically, since it has been held that merely 
automating a step requires routine skill in the art. See MPEP § 2144.04, see also In re Venner, 
262 F.2d 91, 95, 120 USPQ 192, 194 (CCPA 1958). 

Regarding claims 20 and 25, Aldred teaches wherein at least some of network resources 
are servers that each include an authentication module that is responsive to a request for access to 
determine the organization to which its corresponding server is assigned and restrict directory 
searches to the further-level nodes below the first-level node associated with the determined 
organization (column 1, line 66 to column 2, line 21, column 4, line 65 to column 5, line 16, 
column 7, line 65 to column 8, line 4). 
Claims 13, 19, and 24 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Aldred in view of Byrne as applied above, and further in view of U.S. Patent No. 6,446,204 to 
Pang et al., hereinafter Pang. 

Regarding claims 13, 19, and 24, Aldred and Byrne do not teach wherein at least some of said
locations contain at least two replicated copies of said directory structure, and further including 
the steps of distributing access requests among said replicated copies by means of a load 
balancer. 

Pang teaches wherein at least some of said locations contain at least two replicated copies 
of said directory structure, and further including the steps of distributing access requests among 
said replicated copies by means of a load balancer (figure 8, column 23, lines 50-64). 

Aldred, Byrne and Pang are all related in the field of distributed authentication. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to distribute the access requests by means of a load balancer, since Pang states at 
column 23, lines 50-64 that such a modification would balance the load on the authentication 
hosts, thereby preventing bottlenecks. 

(10) Response to Argument 

In response to the Appellant's argument regarding claims 9, 16, and 21 that Aldred does 
not disclose a directory structure comprising a root node, a first level of nodes below the root 
node associated with the respective organizations, and at least one further level of nodes that 
identify users who are authorized to access the network devices, the Examiner disagrees. Aldred 
discloses at least a directory in figure 2, item 21. As seen in figure 2, the directory comprises a 
root node, a first level of nodes below the root node [RDN - relative distinguished name], and 
one further level of nodes that identify users [Entry (attributes)]. Aldred goes on to elaborate in
column 6, lines 51-60 that the root node can be country or organization (IBM is disclosed as the
example in Aldred's disclosure, column 6, line 54), followed by another level which is the
department (i.e. deptXYZ from disclosure, column 6, line 54), followed by users and their
permissions (i.e. persona from disclosure, column 6, line 54).

Since Aldred discloses a directory structure comprising a root node, a first level of nodes 
below the root node associated with the respective organizations, and at least one further level of 
nodes that identify users who are authorized to access the network devices, the rejection is proper 
and should be maintained. 

In response to the Appellant's arguments further regarding claims 9, 16, and 21, that 
Aldred does suggest the use of a directory structure as the mechanism to store information for 
authenticating users to network resources, the Examiner respectfully disagrees. The Appellant 
contends that Aldred discloses the use of access control lists that are stored in a relational 
database management system instead of in a directory structure. The Appellant has misconstrued 
Aldred, and Aldred does in fact store the user authentication information in a directory structure, 
albeit the access control lists are stored at strategic points in the tree of the Lightweight Directory 
Access Protocol (LDAP) directory (Aldred, column 5, lines 8-13). Aldred goes on to discuss
how the access control-related properties conform to the LDAP model in column 5, lines 40-63. 

Aldred teaches maintaining access control information in an LDAP directory and 
therefore suggests the use of a directory structure as the mechanism to store information for 
authenticating users to network resources and the rejection should be upheld. 
In response to the Appellant's arguments that Aldred does not disclose that access control
information is contained at certain nodes within the directory tree, the Examiner disagrees. As 
discussed above, Aldred discloses that the access control list is placed at strategic points in the 
hierarchical LDAP tree at column 5, lines 8-13. 

Since Aldred discloses that the access control list is placed at strategic points in the 
hierarchical LDAP tree the limitation that access control information is contained at certain 
nodes within the directory tree has been met and the rejection should be sustained. 

In response to the Appellant's arguments that Aldred does not teach a step that is 
responsive to a request by a user for access to one of the network devices to determine the 
organization to which that device is assigned and whether said user is identified on a node below 
the first-level node associated with the determined organization, the Examiner disagrees. As 
noted above, Aldred discloses a hierarchical tree where access properties propagate to entries 
below that point at column 5, lines 13-16. 

Since Aldred discussed that access properties propagate down the tree, the step that is 
responsive to a request by a user for access to one of the network devices to determine the 
organization to which that device is assigned and whether said user is identified on a node below 
the first-level node associated with the determined organization has been taught and the rejection 
should be maintained. 

Appellant's arguments regarding Byrne fail to comply with 37 CFR 1.111(b) because they
amount to a general allegation that the claims define a patentable invention without specifically 
pointing out how the language of the claims patentably distinguishes them from the references. 
In response to appellant's arguments against the references individually, one cannot show
nonobviousness by attacking references individually where the rejections are based on 
combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re 
Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 

In response to the Appellant's argument regarding claims 10, 17, and 22 that Aldred does 
not teach information stored at various levels within a directory, the Examiner disagrees. As 
discussed above, the access information is stored in an LDAP directory, and not separately, as 
the Appellant suggests. Also as mentioned above, Aldred states that access information is stored 
at strategic points of the directory tree and propagates downward through the tree at column 5, 
lines 8-13. 

Therefore, Aldred discloses information stored at various levels within a directory and the 
rejection should be sustained. 

Appellant's arguments regarding claims 13, 14, 18, 19, 23, and 24 fail to comply with 37
CFR 1.111(b) because they amount to a general allegation that the claims define a patentable
invention without specifically pointing out how the language of the claims patentably 
distinguishes them from the references. 

(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the Related 
Appeals and Interferences section of this examiner's answer. 

For the above reasons, it is believed that the rejections should be sustained. 
Respectfully submitted, 